Attacks started in May 2018, ran for six months before being spotted
Hackers drained cash from Amazon merchant accounts over a six month period, a redacted U.K. filing from November 2018 spotted by Bloomberg reveals.
In the filing, which details “extensive fraud”, without naming the sum stolen, Amazon’s lawyers asked a London judge to approve account statement searches at Barclays and Prepay, where the hackers had access to accounts used in the fraud.
Amazon hoped that the searches will help it “investigate the fraud, identify and pursue the wrongdoers, locate the whereabouts of misappropriated funds, bring the fraud to an end and deter future wrongdoing,’ the filing stated, Bloomberg said.
Amazon Hackers: Little Known, But Fraud “Extensive”
The money stolen was loans provided by Amazon to third-party sellers and businesses, with Bloomberg reporting that some 100 seller accounts were hit. Amazon provides some merchants with loans for business and startup costs.
The filing did not reveal how much money was taken or how the accounts were accessed; in theory this could have been through phishing or social engineering scams that result in account holders handing over their unknowingly.
The fraud occurred over a period of six months, the filing said, with the first instance of fraud occurring in May 2018. Amazon says that any seller who believes they have received a phishing email should send a message to firstname.lastname@example.org.